Lucene search
+L

50 matches found

NVD
NVD
added 2026/07/01 5:16 a.m.13 views

CVE-2026-44041

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb function passes a caller-supplied WCHAR pointer to wcslen before any bounds check. If the caller provides a wide-character buffer that is not properly...

6.5CVSS0.00316EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/07/01 3:33 a.m.7 views

CVE-2026-44041 UltraVNC vncWc2Mb calls wcslen() before validating that the wide string is NUL-terminated

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb function passes a caller-supplied WCHAR pointer to wcslen before any bounds check. If the caller provides a wide-character buffer that is not properly...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References3
EUVD
EUVD
added 2026/07/01 3:33 a.m.9 views

EUVD-2026-40878

UltraVNC through 1.8.2.2 contains an out-of-bounds read in the wide-string to multibyte conversion helper. In rfb/dh.cpp:204, the vncWc2Mb function passes a caller-supplied WCHAR pointer to wcslen before any bounds check. If the caller provides a wide-character buffer that is not properly...

4.3CVSS5.9AI score0.00316EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/06 8:21 p.m.14 views

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.8CVSS6.2AI score0.00174EPSS
Exploits1References1
NVD
NVD
added 2026/05/05 8:16 p.m.7 views

CVE-2026-34462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.8CVSS0.00174EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/05 7:30 p.m.26 views

CVE-2026-34462 Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.3CVSS0.00174EPSS
Exploits1References1
CVE
CVE
added 2026/05/05 7:30 p.m.11 views

CVE-2026-34462

Sandboxie-Plus (Windows) versions ≤ 1.17.2 are affected by a stack-based overflow in ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler due to copying a WCHAR boxname[34] into a WCHAR[40] buffer with wcscpy without verifying termination. The service pipe allows conn...

7.8CVSS6.2AI score0.00174EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/05/05 7:30 p.m.7 views

EUVD-2026-27462

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.3CVSS6.2AI score0.00174EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/05 7:30 p.m.7 views

CVE-2026-34462 Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.3CVSS6.2AI score0.00174EPSS
Exploits1References1
OSV
OSV
added 2026/05/05 7:30 p.m.3 views

CVE-2026-34462 Sandboxie-Plus ProcessServer boxname stack buffer overflows via unterminated wide string copy

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers KillAllHandler, SuspendAllHandler, and RunSandboxedHandler copy a WCHAR boxname34 field from request structures into WCHAR40 stack buffers using wcscpy...

7.3CVSS6.3AI score0.00174EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.14 views

Sandboxie-Plus 安全漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the use of wcscat to copy the server field in NamedPipeServer::OpenHandler, without verifying the...

8.8CVSS6AI score0.00174EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/17 2:31 p.m.9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues

Summary IBM Watson Speech Services Cartridge is vulnerable to multiple Base OS issues. We have updated the base image used by our Speech Services and the following vulnerabilities have been addressed. Please read the details for remediation below. Vulnerability Details CVEID:CVE-2021-3572...

6.5CVSS7.5AI score0.02421EPSS
Exploits7Affected Software1
Microsoft CVE
Microsoft CVE
added 2025/10/05 1:2 a.m.7 views

wifi: wilc1000: avoid buffer overflow in WID string configuration

...

7.8CVSS7AI score0.00158EPSS
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-15655

Malicious code in bioql PyPI...

5.5CVSS5.7AI score0.02421EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2025/09/01 12:0 a.m.2 views

Linux Distros Unpatched Vulnerability : CVE-2022-0530

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This fl...

5.5CVSS6.2AI score0.02108EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/09/01 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-0529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This fl...

5.5CVSS6AI score0.02421EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2024/11/27 8:0 a.m.7 views

Conversion of a wide string to a local string that leads to a heap of out-of-bound write

...

5.5CVSS6.4AI score0.02108EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2024/11/27 8:0 a.m.7 views

Conversion of a wide string to a local string that leads to a heap of out-of-bound write

...

5.5CVSS6AI score0.02421EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2023/10/30 12:0 a.m.22 views

GLSA-202310-17 : UnZip: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202310-17 UnZip: Multiple Vulnerabilities - A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap of out-of-bound write. This flaw allows an attacker to...

5.5CVSS6.2AI score0.02421EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2023/03/21 12:0 a.m.27 views

Amazon Linux 2023 : unzip (ALAS2023-2023-029)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-029 advisory. A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially...

5.5CVSS6.1AI score0.02421EPSS
Exploits3References8
Rows per page
Query Builder